🚀 Migration from NGINX to Caddy

📦 Installation

Install Caddy using the official instructions: https://caddyserver.com/docs/install

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl rsync
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

โš™๏ธ Caddy - Config file /etc/caddy/Caddyfileโ€‹

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

blog.salucci.ch {
    root * /var/www/blog.salucci.ch
    encode gzip
    file_server

    # Security headers added to every response from this site
    header {
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        X-Frame-Options "DENY"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "no-referrer-when-downgrade"
        # Legacy header: current browsers no longer implement the XSS filter it controls
        X-XSS-Protection "1; mode=block"
        Permissions-Policy "geolocation=(), microphone=()"
        # 'unsafe-inline' permits inline scripts and styles, which weakens the CSP's XSS protection
        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
    }

    # ✅ Webhook route
    @webhook path /webhook
    handle @webhook {
        reverse_proxy 127.0.0.1:5555 {
            header_up Host {host}
            # {remote_host} is the client IP only; {remote} would also include the port
            header_up X-Real-IP {remote_host}
        }
    }

    # 🌐 Main site handler
    handle {
        # Static site: only GET and HEAD are allowed
        @disallowed_methods {
            not method GET HEAD
        }
        respond @disallowed_methods "Method Not Allowed" 405

        # Dotfiles and dot-directories at the site root
        @hidden_files {
            path /.env* /.git* /.bash* /.cache* /.config* /.* /.*/*
        }
        respond @hidden_files "Access Denied" 403

        # Any path ending in a backup, config, env or git suffix
        @sensitive_files path_regexp sensitive_files ^.*(\.bak|\.config|\.env|\.git|~)$
        respond @sensitive_files "Access Denied" 403

        @php_files {
            path *.php
        }
        respond @php_files "PHP execution is disabled" 403

        try_files {path} {path}/ /index.html
    }
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

✅ Validate the Config

sudo caddy validate --config /etc/caddy/Caddyfile

๐Ÿ“ Set Up Directory Structureโ€‹

sudo mkdir -p /etc/caddy
sudo mkdir -p /var/www/blog.salucci.ch
sudo chown -R caddy:caddy /var/www/blog.salucci.ch

🧹 Disable and Remove NGINX

sudo systemctl stop nginx

🚫 1. Disable It From Starting on Boot

sudo systemctl disable nginx

โŒ 2. Remove It Completelyโ€‹

If you're sure you no longer need it:

sudo apt remove --purge nginx nginx-common
sudo apt autoremove

✅ Ensure Caddy Is Active and Binding Correctly

🔁 Reload or Restart Caddy

sudo systemctl restart caddy

๐Ÿ” Verify Caddy is Listening on 80/443โ€‹

sudo ss -tuln | grep ':80\|:443'

You should see something like:

udp   UNCONN 0      0      *:443      *:*
tcp   LISTEN 0      4096   *:443      *:*
tcp   LISTEN 0      4096   *:80       *:*
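
Listening sockets only show that Caddy bound the ports, not that the header block and deny rules from the Caddyfile survived the migration. The script below is an added example, not part of the original page: it checks both, and the function names, the SITE_URL variable and the sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): smoke test for the Caddyfile above.
# Header names taken from the Caddyfile's `header` block.
EXPECTED_HEADERS="Strict-Transport-Security X-Frame-Options X-Content-Type-Options
Referrer-Policy X-XSS-Protection Permissions-Policy Content-Security-Policy"

# Reads raw response headers on stdin, prints every expected header that is absent.
# Case-insensitive on purpose: curl shows HTTP/2 header names in lowercase.
missing_headers() {
    response=$(tr -d '\r')
    for name in $EXPECTED_HEADERS; do
        printf '%s\n' "$response" | grep -qi "^${name}:" || printf '%s\n' "$name"
    done
}

# Prints ok/FAIL for one request; needs curl and network access.
expect_status() {  # usage: expect_status WANT METHOD URL
    got=$(curl -s -o /dev/null -w '%{http_code}' -X "$2" "$3") || got="curl-error"
    if [ "$got" = "$1" ]; then echo "ok   $2 $3 -> $got"
    else echo "FAIL $2 $3 -> $got (want $1)"; fi
}

check_site() {  # usage: check_site https://your.domain
    missing=$(curl -sI "$1/" | missing_headers)
    if [ -z "$missing" ]; then echo "ok   all security headers present"
    else echo "FAIL missing headers:" $missing; fi
    expect_status 405 POST "$1/"            # @disallowed_methods
    expect_status 403 GET  "$1/.env"        # @hidden_files
    expect_status 403 GET  "$1/backup.bak"  # @sensitive_files
    expect_status 403 GET  "$1/index.php"   # @php_files
}

# Constructed sample: HTTP/2 response headers with Permissions-Policy left out.
sample_response() {
    cat <<'EOF'
HTTP/2 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
EOF
}

if [ -n "${SITE_URL:-}" ]; then check_site "$SITE_URL"
else echo "sample response is missing: $(sample_response | missing_headers)"; fi
```

Run it with SITE_URL set to your own site (for example SITE_URL=https://blog.salucci.ch) to test the live server; without it, the script only evaluates the embedded sample.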